In message <[email protected]>
Viktor Dukhovni via Postfix-users writes:
 
> On Tue, Mar 31, 2026 at 08:14:51AM -0400, Curtis Villamizar via Postfix-users 
> wrote:
>  
> > But does MTA-STS actually work in the absence of DNSSEC?
>  
> The cynical view would be that this is an effective fig-leaf, that makes
> it possible to shirk the work required to support DANE.  Less cynically,
> one might say that it plausibly works for mail *between* the large
> providers that support it, but is brittle otherwise.

Count me among the cynical.

> > If a MITM
> > can forge the DNS MX record why can't they return NXDOMAIN for the
> > same domain when asked for _mta-sts at the same domain?
>  
> They can, MTA-STS policy discovery is not downgrade-resistant.  Once a
> policy is cached, it is harder to downgrade, and if refreshed eagerly
> and traffic to the destination is regular enough, perhaps somewhat
> effective.

So TOFU vulnerable and vulnerable for low volume mail domains that
don't get held in cache.

> > If so the sending host sees no MTA-STS policy, never fetches anything
> > from the web site, and happily delivers mail to the MITM to read and
> > relay.
>  
> Correct.
>  
> > Am I missing something?  Is google's use of MTA-STS without DNSSEC at
> > all useful?
>  
> The policy cache is supposed to facilitate policy continuity, the client
> system needs to get many things "right" for this to remain a robust
> mechanism across multiple policy "age" limits (often set to just 1 day
> by the major players).

So age could be set long but how long before cache space is low and
entries with long age are tossed prematurely.

It seems like caching the policy of every other mail domain in
existence has a scalability issue.

> > Also how does MTA-STS not violate the "publicly-referenced SMTP server
> > MUST NOT require .. STARTTLS" in rfc2487 and rfc3207.  (Which imho
> > should be fixed to remove that restriction.)
>  
> They don't *require* STARTTLS, they also accept mail in the clear.
> MTA-STS just asks clients to deliver over authenticated TLS, sort
> of like DANE, but without downgrade resistance, and much more
> complex deployment model for an MX hosting many domains.

No downgrade resistance is very convenient for the MITM.  They don't
need to bother with TLS if they don't want to.

>     Viktor.  🇺🇦 Слава Україні!

Thanks,

Curtis
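
The sender-side behaviour discussed in this thread, as an added example that is not part of the original message or of Postfix: a simplified Python model of an MTA-STS policy cache showing when a suppressed `_mta-sts` TXT answer leaves delivery unprotected. The class and function names, the oldest-first eviction rule and the `*.example` domains are assumptions made for illustration.

```python
from dataclasses import dataclass

DAY = 86400

@dataclass
class Policy:
    mode: str        # RFC 8461 policy mode: "enforce", "testing" or "none"
    max_age: int     # seconds the sender may keep using the policy
    fetched_at: int  # time of the last successful HTTPS policy fetch

class StsCache:
    """Bounded sender-side cache. Oldest-first eviction is an assumption."""
    def __init__(self, capacity):
        self.capacity, self.entries = capacity, {}   # domain -> Policy

    def live(self, domain, now):
        p = self.entries.get(domain)
        if p and now < p.fetched_at + p.max_age:
            return p
        self.entries.pop(domain, None)               # absent or expired
        return None

    def store(self, domain, policy):
        self.entries.pop(domain, None)
        if len(self.entries) >= self.capacity:       # space pressure wins over max_age
            self.entries.pop(next(iter(self.entries)))
        self.entries[domain] = policy

def delivery_mode(cache, domain, txt_seen, fetched, now):
    """txt_seen=False models NXDOMAIN (or no answer) for the _mta-sts TXT lookup.
    fetched is (mode, max_age) from the HTTPS policy fetch, or None."""
    if txt_seen and fetched:
        cache.store(domain, Policy(fetched[0], fetched[1], now))
    policy = cache.live(domain, now)
    if policy and policy.mode == "enforce":
        return "authenticated-tls"
    return "opportunistic"                           # no policy known: cleartext allowed

def scenarios():
    c, out = StsCache(capacity=2), {}
    out["first contact, TXT suppressed"] = delivery_mode(c, "a.example", False, None, 0)
    out["normal discovery"] = delivery_mode(c, "a.example", True, ("enforce", DAY), 0)
    out["cached, TXT suppressed"] = delivery_mode(c, "a.example", False, None, DAY // 2)
    out["expired, TXT suppressed"] = delivery_mode(c, "a.example", False, None, 2 * DAY)
    delivery_mode(c, "a.example", True, ("enforce", 365 * DAY), 2 * DAY)  # long max_age
    for other in ("b.example", "c.example"):         # unrelated domains fill the cache
        delivery_mode(c, other, True, ("enforce", DAY), 2 * DAY)
    out["evicted early, TXT suppressed"] = delivery_mode(c, "a.example", False, None, 3 * DAY)
    return out

if __name__ == "__main__":
    for name, mode in scenarios().items():
        print(f"{name:32} -> {mode}")
```

Only the "cached, TXT suppressed" case keeps authenticated TLS; a sender operator can use the same cases to check how their own MTA-STS client handles refresh and eviction.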